<?php
/**
 * product_info header_php.php 
 *
 * @package page
 * @copyright Copyright 2003-2007 Zen Cart Development Team
 * @copyright Portions Copyright 2003 osCommerce
 * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
 * @version $Id: header_php.php 6963 2007-09-08 02:36:34Z drbyte $
 */

  // This should be first line of the script:
  $zco_notifier->notify('NOTIFY_HEADER_START_PRODUCT_INFO');

  require(DIR_WS_MODULES . zen_get_module_directory('require_languages.php'));

  // if specified product_id is disabled or doesn't exist, ensure that metatags and breadcrumbs don't share inappropriate information
  $sql = "select count(*) as total
          from " . TABLE_PRODUCTS . " p, " .
                   TABLE_PRODUCTS_DESCRIPTION . " pd
          where    p.products_status = '1'
          and      p.products_id = '" . (int)$_GET['products_id'] . "'
          and      pd.products_id = p.products_id
          and      pd.language_id = '" . (int)$_SESSION['languages_id'] . "'";
  $res = $db->Execute($sql);
  if ( $res->fields['total'] < 1 ) {
    unset($_GET['products_id']);
    unset($breadcrumb->_trail[sizeof($breadcrumb->_trail)-1]['title']);
    header('HTTP/1.1 404 Not Found');
  }

  // ensure navigation snapshot in case must-be-logged-in-for-price is enabled
  if (!$_SESSION['customer_id']) {
    $_SESSION['navigation']->set_snapshot();
  }
  $review_status = " and r.status = 1";
  //Vu - edit line 37 -> 73 
//  $check = "SELECT review_parent_id FROM " . TABLE_REVIEWS_DESCRIPTION . " limit 1";
//  if (false === mysql_query($check)) {
//       $db->Execute("ALTER TABLE " . TABLE_REVIEWS_DESCRIPTION . " ADD " . review_parent_id . " int(11) DEFAULT NULL ");
//  }
  $reviews_query_raw = "SELECT r.reviews_id, rd.reviews_text, r.reviews_rating, r.date_added, r.customers_name, rd.review_parent_id, r.customers_id, c.customers_nickname,
                        rd.reviews_title, IFNULL(r.reviews_votes,0) as reviews_votes, IFNULL(r.reviews_yes,0) as reviews_yes
                        FROM " . TABLE_REVIEWS . " r, " . TABLE_REVIEWS_DESCRIPTION . " rd, " . TABLE_CUSTOMERS . " c 
                        WHERE r.products_id = :productsID
                        AND c.customers_id = r.customers_id
                        AND r.reviews_id = rd.reviews_id " . $review_status . "
                        ORDER BY rd.languages_id ASC, (POW((r.reviews_yes / reviews_votes), 3 ) * LOG( reviews_votes )) DESC";
  
  $reviews_query_raw = $db->bindVars($reviews_query_raw, ':productsID', $_GET['products_id'], 'integer');
/*  $reviews_query_raw = $db->bindVars($reviews_query_raw, ':languagesID', $_SESSION['languages_id'], 'integer'); */
  $reviews_split = new splitPageResults($reviews_query_raw, 3);
  $reviews = $db->Execute($reviews_split->sql_query);  
  //$reviews = $db->Execute($reviews_query_raw);
  $reviewsArray = array();
  while (!$reviews->EOF) {
  	$sql = "SELECT count(customers_id) as count FROM " . TABLE_ORDERS_PRODUCTS . " op, " . TABLE_ORDERS_STATUS_HISTORY . " osh, " . TABLE_ORDERS . " o WHERE op.orders_id = o.orders_id AND osh.orders_id = o.orders_id AND osh.orders_status_id = 3 AND customers_id = :customersID AND products_id = :productsID";
	$sql .= " OR products_prid = :productsID";
        $sql = $db->bindVars($sql, ':customersID', $reviews->fields['customers_id'], 'integer');
        $sql = $db->bindVars($sql, ':productsID', $_GET['products_id'], 'integer');
        $check = $db->Execute($sql);
        $owner = $check->fields['count'] > 0 ? '<p class = "owner_comment">"We certify this review since the customer bought this product with Suplementos Online"</p>':'';
  	$name = strlen($reviews->fields['customers_nickname'])>0?$reviews->fields['customers_nickname']:$reviews->fields['customers_name'] ;
        $name = '<a href="' . zen_href_link(FILENAME_PROFILE, 'nick=' . $name, 'SSL') . '">' . $name . '</a>';
        $reviewsArray[] = array('id'=>$reviews->fields['reviews_id'],
  	                        'customersName'=>$name,
  	                        'dateAdded'=>$reviews->fields['date_added'],
  	                        'reviewsText'=>$reviews->fields['reviews_text'],
  	                        'reviewsRating'=>$reviews->fields['reviews_rating'],
                                'reviewsTitle'=>$reviews->fields['reviews_title'],
                                'reviewsVotes'=>$reviews->fields['reviews_votes'],
                                'reviewsYes'=>$reviews->fields['reviews_yes'],
                                'reviewParentId'=>$reviews->fields['review_parent_id'],
                                'owner'=>$owner);
    $reviews->MoveNext();
}
//Vu - end edit
  if(isset($_POST['reviews_yes_no']) && isset($_POST['reviews_yes_no_id']))
  {      
      if (!$_SESSION['customer_id']) {
          $_SESSION['navigation']->set_snapshot();
          zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
      }
      $reviews_yes_no = (int)$_POST['reviews_yes_no'];
      $reviews_yes_no_id = $_POST['reviews_yes_no_id'];
      $reviews_votes_sql = "SELECT votes_id FROM votes WHERE reviews_id = :reviewsID AND customers_id = :customerID";
      $reviews_votes_sql = $db->bindVars($reviews_votes_sql, ':reviewsID', $reviews_yes_no_id, 'integer');
      $reviews_votes_sql = $db->bindVars($reviews_votes_sql, ':customerID', $_SESSION['customer_id'], 'integer');
      $reviews_votes_result = $db->Execute($reviews_votes_sql);
      if($reviews_votes_result->EOF)
      {          
          //insert into table votes
          $reviews_votes_sql_insert = "INSERT INTO votes (reviews_id, customers_id, yes_no_vote) VALUES(:reviewsID, :customerID, :yesnovote)";
          $reviews_votes_sql_insert = $db->bindVars($reviews_votes_sql_insert, ':reviewsID', $reviews_yes_no_id, 'integer');
          $reviews_votes_sql_insert = $db->bindVars($reviews_votes_sql_insert, ':customerID', $_SESSION['customer_id'], 'integer');
          $reviews_votes_sql_insert = $db->bindVars($reviews_votes_sql_insert, ':yesnovote', $reviews_yes_no, 'integer');
          $db->Execute($reviews_votes_sql_insert);
          
          //update reviews_yes and reviews_vote in table reviews
            if($reviews_yes_no === 1)
            {          
                $reviews_votes_sql_update = "UPDATE " . TABLE_REVIEWS . " SET reviews_yes = IFNULL(reviews_yes, 0) + 1, reviews_votes = IFNULL(reviews_votes, 0) + 1 WHERE reviews_id = :reviewsID";
                $reviews_votes_sql_update = $db->bindVars($reviews_votes_sql_update, ':reviewsID', $reviews_yes_no_id, 'integer');
                $db->Execute($reviews_votes_sql_update);
            }
            else if($reviews_yes_no === 0)
            {
                $reviews_votes_sql_update = "UPDATE " . TABLE_REVIEWS . " SET reviews_votes = IFNULL(reviews_votes, 0) + 1 WHERE reviews_id = :reviewsID";
                $reviews_votes_sql_update = $db->bindVars($reviews_votes_sql_update, ':reviewsID', $reviews_yes_no_id, 'integer');
                $db->Execute($reviews_votes_sql_update);
            }      
      }
      
  }
  // This should be last line of the script:
  $zco_notifier->notify('NOTIFY_HEADER_END_PRODUCT_INFO');
?>